pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis. It is part of the oletools package. pyxswf is an extension of xxxswf.py published by Alexander Hanel.
rtfobj is a Python module to extract embedded objects from RTF files, such as OLE ojects. It can be used as a Python library or a command-line tool. It is part of the oletools package.
oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, Excel), to detect specific characteristics that could potentially indicate that the file is suspicious or malicious, in terms of security (e.g. malware). For example it can detect VBA macros, embedded Flash objects, fragmentation. It is part of the oletools package.
olebrowse is a simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams. It is part of the oletools package.
This article (written in French) was presented at the SSTIC symposium on the 6th June 2008.
It describes several methods to perform malware analysis, especially on Windows platforms. It focuses in detail on dynamic analysis, also called runtime analysis or sandboxing. Dynamic malware analysis consists in running malicious code on a dedicated system, configured to record all its actions to determine its behaviour. It is then possible to quickly determine the nature of the malware and decide how to respond to an incident. The article also shows how to build a simple dynamic malware analysis lab at low cost, provides details about the methodology and suggests how to go further.